Capture packets on router

wilson_1234_2
Level 3

I am trying to determine the source of traffic across a DS3 link.

I have applied an access-list inbound on the serial interface as shown:

access-list 102 permit tcp any any range 1 65535 log

access-list 102 permit udp any any range 1 65535 log

access-list 102 permit ip any any log

interface s0/0
 ip access-group 102 in

When viewing the log I am seeing this:

Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 38401 packets

Is there a limit set on the router log buffer?

5 Replies

lgijssel
Level 9

Using an ACL with log like this draws heavily on the CPU because there are many cycles involved in handling a packet. Your DS3 will handle a lot more traffic than the CPU can handle. In this case I presume that subsequent packets are bypassed in one way or another and listed as "missed", i.e. not processed by the ACL/logger.

It would be better to attempt to capture the traffic with a packet analyzer (Wireshark) and get your information that way.

regards,

Leo
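
Added example, not part of the thread: a small Python tally of ACL log hits per source address that also counts the packets reported by `%SEC-6-IPACCESSLOGRL`, to show how little of the traffic the log actually covers. All log lines except the rate-limit message quoted in the question are constructed, and treating the "missed" figure as packets that matched the ACL but were never logged is an assumption.

```python
import re
from collections import Counter

# Constructed sample. Only the IPACCESSLOGRL line is taken from the thread;
# the IPACCESSLOGP lines and their addresses are made up for illustration.
SAMPLE_LOG = """\
Oct 7 17:01:15.102: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.1.1.10(3345) -> 192.168.5.20(80), 1 packet
Oct 7 17:01:16.310: %SEC-6-IPACCESSLOGP: list 102 permitted udp 10.1.1.77(53211) -> 192.168.5.53(53), 12 packets
Oct 7 17:01:17.044: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.1.1.10(3346) -> 192.168.5.20(80), 240 packets
Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 38401 packets
"""

# TCP/UDP hit logged by an ACL entry carrying the "log" keyword.
HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# Rate-limit notice: packets that were not logged individually.
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .*missed (?P<count>\d+) packets?")


def summarize(log_text):
    """Return per-source packet counts plus how much traffic the log missed."""
    by_source = Counter()
    missed = 0
    for line in log_text.splitlines():
        hit = HIT.search(line)
        if hit:
            by_source[hit["src"]] += int(hit["count"])
            continue
        rl = MISSED.search(line)
        if rl:
            missed += int(rl["count"])
    logged = sum(by_source.values())
    total = logged + missed
    # Fraction of matched packets that the per-source tally accounts for.
    coverage = logged / total if total else 1.0
    return {"by_source": by_source, "logged": logged,
            "missed": missed, "coverage": coverage}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for src, pkts in result["by_source"].most_common():
        print(f"{src:15} {pkts} packets")
    print(f"missed {result['missed']} packets, "
          f"log covers {result['coverage']:.1%} of matched traffic")
```

When the coverage figure is this low, the per-source ranking is a sample of whatever the logger happened to process, not a measurement of who is using the link.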

Thanks for the reply,

Is it possible to use Ethereal or Wireshark to capture packets passing through the serial interface of a router from a workstation?

Any packet traversing the DS3 will go via the router's LAN interface, correct?

If that's the case, SPAN the port where this LAN interface is connected with destination towards the workstation running Ethereal.

HTH,

Thanks for the reply.

I have no more configurable SPAN ports available for that switch; they are being used already.

What kind of traffic are you looking for?

You can configure NetFlow on the interfaces instead of tracking every single packet traversing the interface.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/honf_c/chap05/onf_bcf.htm
